Dashlane ditching master passwords
The password manager vendor totally embraces passwordless technology. A top-tier password manager maker is ditching the use of master passwords and offering its users a totally passwordless experience. Dashlane made the announcement Wednesday, saying the feature allows new users to create an account without having to set up and remember a master password. It added…
Cyber Hygiene: A First Line of Defense Against Evolving Cyberattacks
Basic security hygiene is more impactful than you may realize. While industry headlines are often dominated by emerging tech and the latest software or hardware solutions, base-level security hygiene still protects against 98% of attacks. This includes measures such as applying zero-trust principles or keeping systems up to date with the latest security patches. However,…
QR Code Phishing Campaign Targets Top US Energy Company
Attackers targeted a major US energy company with a phishing campaign that overall sent more than 1,000 emails armed with malicious QR codes aimed at stealing Microsoft credentials. The campaign, discovered by Cofense in May, used both PNG image attachments and redirect links associated with Microsoft Bing and well-known business applications — including Salesforce and…
Takeovers of MFA-protected accounts increase, as Microsoft 365 phishing campaign shows
A Microsoft 365 phishing campaign has targeted over 100 companies since March and successfully compromised accounts belonging to senior business executives. The attackers used EvilProxy, a phishing toolkit that uses reverse-proxy tactics to bypass multifactor authentication (MFA). “Contrary to what one might anticipate, there has been an increase in account takeovers among tenants that have…
Use of Multifactor Authentication (MFA) Nearly Doubles Since 2020, Okta Secure Sign-in Trends Reports Finds
Okta, Inc. (NASDAQ: OKTA), the leading independent identity partner, today announced the release of its international Secure Sign-In Trends Report. The report, which analyzes billions of monthly workforce customer logins to Okta Workforce Identity Cloud across more than 16 industries around the world, reveals that the use of multi-factor authentication (MFA) has nearly doubled since…
Zero Trust Authentication: Foundation of Zero Trust Security
Identity and security are more important than ever in today’s “work from anywhere” world. As companies adapt to remote workforces and the use of personal devices, the need for secure authentication has become paramount. The solution uses a zero trust authentication paradigm that ensures confidence in user and device identity on a real-time, continuous basis….
Global Cloud Migration: Security Lessons Not Being Learned
Attackers on average have been enjoying slightly more than six days to exploit an unmitigated vulnerability before security teams resolve it, despite research continuing to demonstrate how hackers begin exploiting flaws within hours – or even minutes – of a new security alert being disclosed, researchers warned. That time lag between a new vulnerability coming…
Adaptive Access Technologies Gaining Traction for Security, Agility
Although only seeing tepid adoption to date, adaptive access and authentication is set to gain steam among businesses this year as organizations pursue zero-trust capabilities that grant and restrict access to data and systems based on context. In the latest sign of life in the evolving industry, startup company Oleria announced on March 21 that…
Hacked home computer of engineer led to second LastPass data breach
Password management company LastPass, which was hit by two data breaches last year, has revealed that data exfiltrated during the first intrusion, discovered in August, was used to target the personal home computer of one of its devops engineers and launch a second successful cyberatttack, detected in November. The threat actor involved in the breaches…
What is Zero Trust Security? Breaking Down a Zero Trust Architecture
As cloud-based enterprises and remote workers continue to grow in popularity, the need to implement zero-trust security models has never been more relevant. But what is zero trust security? In short, zero trust security is a model founded on the assumption that no user or device can be trusted and must be verified — including…
